Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hope some one can help me

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hope some one can help me

Unread postby njsmith999 » July 29th, 2008, 3:20 pm

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: delete.exe
Status: INFECTED/MALWARE
MD5: 42329e712c38daf17441689e42c45eff
Packers detected: -

Scanner results
Scan taken on 29 Jul 2008 19:18:46 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found Heur.W32
Avast Found Win32:Tibxpack
AVG Antivirus Found I-Worm/Nuwar.S
BitDefender Found Trojan.Peed.JOP
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Fakealert.950
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found PossibleThreat
Ikarus Found Trojan.Peed.JOB
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Agent.NZX
Norman Virus Control Found W32/Tibs.CJBC
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/FakeVir-DF
VirusBuster Found nothing
VBA32 Found Trojan.Fakealert.950

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by HotelScraper.com.
--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: _H4T3.exe (MD5: e24d6dfbb6065dfb567ed75f4316ac23, size: 174506 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Dropper.Gen
ArcaVir X
Avast X
AVG Antivirus Klone
BitDefender GenPack:Backdoor.Shark.BS
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus W32/Shark.D.gen!Eldorado
F-Secure Anti-Virus X
Fortinet X
Ikarus Backdoor.Shark
Kaspersky Anti-Virus X
NOD32 Win32/Shark.AXZ
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Embedded.Backdoor.Win32.Shark.axz


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.





Frequently asked questions - Feedback - Privacy policy



Page generated by JTPL

© 2004-2008 Jotti <jotti@jotti.org>
njsmith999
Regular Member
 
Posts: 15
Joined: July 24th, 2008, 7:48 pm
Advertisement
Register to Remove

Re: Hope some one can help me

Unread postby chryssi2001 » July 30th, 2008, 1:19 am

Hello njsmith999,

Thanks for the information.
----------------------------------------------
Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 7.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 7 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u7-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O21 - SSODL: DscCmdMon - {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\DscCmdMon.dll


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    http://malwareremoval.com/forum/viewtopic.php?f=11&t=33044&st=0&sk=t&sd=a&start=15
    
    Collect::
    C:\WINDOWS\system32\delete.exe
    C:\WINDOWS\system32\Nobicyt.exe
    
    File::
    C:\WINDOWS\system32\avgrsstx(2).dll
    
    Folder::
    C:\WINDOWS\system32\7889
    C:\Program Files\nvtkmz
    C:\Documents and Settings\All Users\Application Data\punyjmfo
    C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint
    C:\MDT
    C:\Program Files\Full Tilt Poker
    C:\WINDOWS\system32\drivers\Avg(2)
    C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR
    C:\Documents and Settings\Norma Smith\Application Data\Sammsoft
    C:\Program Files\Advanced Registry Optimizer
    C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk 
    C:\Program Files\LimeWire
    C:\Documents and Settings\Norma Smith\Application Data\LimeWire
    C:\Documents and Settings\Nicole\Application Data\LimeWire
    
    Driver::
    NOBICYT
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "DscCmdMon"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Update and run Malwarebytes' Anti-Malware again.
----------------------------------------------
Post back:
Combofix report.
Malwarebytes' Anti-Malware report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Hope some one can help me

Unread postby njsmith999 » July 31st, 2008, 9:53 pm

ComboFix 08-07-28.6 - Norma Smith 2008-07-31 21:39:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.534 [GMT -4:00]
Running from: C:\Documents and Settings\Norma Smith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Norma Smith\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\avgrsstx(2).dll
C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\ :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\punyjmfo
C:\Documents and Settings\All Users\Application Data\punyjmfo\votifijq.exe
C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint
C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\avglinks.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\avglogo.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\avgstatus.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\avgstatus_error.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\brandlogo.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\p_yahoo.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\safesearch.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\safesearch_off.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\safesearch_on.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\safesurf.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\safesurf_off.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\safesurf_on.bmp
C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR\slider.bmp
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\#SharedObjects\5JV77V33\interclick.com
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\#SharedObjects\5JV77V33\interclick.com\ud.sol
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\MDT
C:\MDT\MSetting.ini
C:\MDT\path.ini
C:\MDT\Setting.ini
C:\Program Files\Full Tilt Poker
C:\Program Files\Full Tilt Poker\Cache\42D4EB830001.dc
C:\Program Files\Full Tilt Poker\njsmith999.dat
C:\Program Files\Full Tilt Poker\stand1.dat
C:\Program Files\nvtkmz
C:\Program Files\nvtkmz\DscCmdMon.dll
C:\WINDOWS\system32\7889
C:\WINDOWS\system32\avgrsstx(2).dll
C:\WINDOWS\system32\delete.exe
C:\WINDOWS\system32\drivers\Avg(2)
C:\WINDOWS\system32\drivers\Avg(2)\avi7.avg
C:\WINDOWS\system32\drivers\Avg(2)\incavi.avm
C:\WINDOWS\system32\drivers\Avg(2)\microavi.avg
C:\WINDOWS\system32\drivers\Avg(2)\miniavi.avg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NOBICYT
-------\Service_NOBICYT


((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-31 21:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-31 21:14 . 2008-07-31 21:14 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 10:42 . 2008-07-29 10:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 10:42 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 10:42 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 02:02 . 2008-07-29 02:02 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-07-27 18:36 . 2008-07-27 18:36 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\Malwarebytes
2008-07-27 18:36 . 2008-07-27 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 10:49 . 2008-07-31 21:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-26 10:49 . 2008-07-26 10:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-22 09:21 . 2008-07-22 09:21 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\Uniblue
2008-07-22 09:21 . 2008-07-22 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-17 10:09 . 2008-07-31 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dl_cats
2008-07-17 10:08 . 2008-07-17 10:08 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-12 10:38 . 2008-07-12 10:38 <DIR> d-------- C:\Program Files\Minutes Matter Solutions
2008-07-10 08:02 . 2008-07-10 08:02 137 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-10 00:42 . 2008-07-10 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 13:12 . 2008-01-15 11:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-07-08 13:12 . 2008-01-15 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-08 13:12 . 2008-07-08 13:12 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-07 22:01 . 2008-07-07 22:01 <DIR> d-------- C:\Program Files\AVG
2008-07-07 22:01 . 2008-07-07 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-06 17:32 . 2008-07-06 17:34 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\eBookPro6
2008-07-06 15:37 . 2006-12-05 19:52 505 --a------ C:\unPDVDDX.iss
2008-07-06 15:19 . 2008-07-06 15:19 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\CyberLink
2008-07-06 15:19 . 2008-07-06 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 00:10 . 2008-07-06 00:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 01:16 --------- d-----w C:\Program Files\Java
2008-07-29 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 02:47 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Apple Computer
2008-07-27 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-25 02:03 --------- d-----w C:\Program Files\Roxio
2008-07-21 04:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-20 13:54 --------- d-----w C:\Program Files\Dell AIO Printer 948
2008-07-18 01:51 --------- d-----w C:\Program Files\LimeWire
2008-07-18 01:46 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\LimeWire
2008-07-18 01:40 --------- d-----w C:\Documents and Settings\Nicole\Application Data\LimeWire
2008-07-15 01:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 05:44 --------- d-----w C:\Program Files\Yahoo!
2008-07-08 02:25 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-07 22:36 --------- d-----w C:\Program Files\Trend Micro
2008-07-05 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-28 20:58 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\Corel
2008-06-26 12:51 --------- d-----w C:\Documents and Settings\Chelsea Smith\Application Data\Yahoo!
2008-06-24 05:47 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\Apple Computer
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:21 --------- d-----w C:\Program Files\DVDVideoSoft
2008-06-13 00:21 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-06-11 01:50 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\SecondLife
2008-02-06 18:40 1,377,872 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-29_12.28.21.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-11-10 17:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 17:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 19:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 18:15 321040]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 12:41 223984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 11:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-16 21:45 138008]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 18:40 128560]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-16 21:45 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-16 21:45 162584]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-15 11:16 1838592]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 09:03 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 14:07 496752]
"MemoryCardManager"="C:\Program Files\Dell AIO Printer 948\memcard.exe" [2007-09-18 14:45 410280]
"Dell AIO Printer 948 Fax Server"="C:\Program Files\Dell AIO Printer 948\fm3032.exe" [2007-09-19 21:27 312560]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 12:41 223984]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"dldfmon.exe"="C:\Program Files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 14:45 455336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 02:33 478800]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 21:48 16132608 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456]

C:\Documents and Settings\Norma Smith\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-15 11:04:35 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\dldfcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=

R2 dldf_device;dldf_device;C:\WINDOWS\system32\dldfcoms.exe [2007-06-26 07:56]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-04 07:00]
S4 dldfCATSCustConnectService;dldfCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 07:56]
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:46:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-31 21:49:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 01:49:28
ComboFix2.txt 2008-07-29 16:28:38

Pre-Run: 225,060,958,208 bytes free
Post-Run: 225,068,822,528 bytes free

247 --- E O F --- 2008-07-10 12:02:32
njsmith999
Regular Member
 
Posts: 15
Joined: July 24th, 2008, 7:48 pm

Re: Hope some one can help me

Unread postby njsmith999 » July 31st, 2008, 10:22 pm

Malwarebytes' Anti-Malware 1.23
Database version: 1006
Windows 5.1.2600 Service Pack 2

10:21:23 PM 7/31/2008
mbam-log-7-31-2008 (22-21-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 86655
Time elapsed: 23 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shc5v5j0el1n (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
njsmith999
Regular Member
 
Posts: 15
Joined: July 24th, 2008, 7:48 pm

Re: Hope some one can help me

Unread postby njsmith999 » July 31st, 2008, 10:23 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:37 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0080115
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10884 bytes
njsmith999
Regular Member
 
Posts: 15
Joined: July 24th, 2008, 7:48 pm

Re: Hope some one can help me

Unread postby njsmith999 » July 31st, 2008, 10:29 pm

Also, whenever I reboot I get this message:

RoxWatchTray9.exe unable to locate component. This application has failed to start because layout DLL9.dll was not found. Re installing application may fix this.

I have a Roxio DVD disc that came with my computer. Should I reinstall it?

Things seems to be getting alot better and I really appreciate you help. However, today I had an Antiviris thing pop up on my computer at work. Do you think I am spreading it?

Norma
njsmith999
Regular Member
 
Posts: 15
Joined: July 24th, 2008, 7:48 pm

Re: Hope some one can help me

Unread postby chryssi2001 » August 1st, 2008, 1:28 pm

Hello njsmith999,

Also, whenever I reboot I get this message:

RoxWatchTray9.exe unable to locate component. This application has failed to start because layout DLL9.dll was not found. Re installing application may fix this.

I have a Roxio DVD disc that came with my computer. Should I reinstall it?

Yes do that.

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
This line shows that RoxWatchTray, loads perfectly.
So, uninstall it first using Add/Remove Programs and re-install it.

Nothing we did removed a part of that program.
------------------------------------------
Things seems to be getting alot better and I really appreciate you help. However, today I had an Antiviris thing pop up on my computer at work. Do you think I am spreading it?

Is this a laptop? And you connect it on the Internet when you go to work?

Please explain.

Do you talk for another pc?
------------------------------------------
Can you tell me who Nicole is?
I included Limewire for Nicole user in my fix, and it didn't work.

Can you login the pc, as Nicole? You have to go mannually to remove the bolded part.

C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\
LimeWire On Startup.lnk
------------------------------------------
I want to clear these matters before we proceed, so i will wait for your answer.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Hope some one can help me

Unread postby Elrond » August 6th, 2008, 3:11 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Elrond
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 317 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware